lucid ldap


Upload: edwin

Post on 10-Apr-2018


8/8/2019 Lucid Ldap

http://slidepdf.com/reader/full/lucid-ldap 1/4

In my previous LDAP server howto we used 8.04 Hardy Heron. Things have changed quite a bit since then, so I have updated my procedure. Most of this is just a reproduction of the Ubuntu Docs page for LDAP (see the references at the end of the article for a link).

PLATFORM:

* Ubuntu Server 10.04 LTS (Lucid)

PREREQUISITES:

* A standard vanilla Ubuntu 10.04 server install.

* An NFS server exporting the users' home directories

Network overview:

* domain name: example.com

* ldap-server 10.1.1.5

Install The Packages

We want to install the OpenLDAP server daemon slapd and ldap-utils, a package containing LDAP management utilities:

sudo apt-get install slapd ldap-utils

Notes:

By default slapd is configured with only the minimal options needed to run the daemon.

The configuration example in the following sections will match the domain name of the server. For example, if the machine's Fully Qualified Domain Name (FQDN) is ldap.example.com, the default suffix will be dc=example,dc=com.

Populating the server

Notes:

OpenLDAP uses a separate directory which contains the cn=config Directory Information Tree (DIT). The cn=config DIT is used to dynamically configure the slapd daemon, allowing the modification of schema definitions, indexes, ACLs, etc. without stopping the service.

The backend cn=config directory has only a minimal configuration and will need additional configuration options in order to populate the frontend directory. The frontend will be populated with a "classical" scheme that will be compatible with address book applications and with Unix POSIX accounts. POSIX accounts will allow authentication to various applications, such as web applications, email Mail Transfer Agent (MTA) applications, etc.

* For external applications to authenticate using LDAP they will each need to be specifically configured to do so. Refer to the individual application documentation for details.

* Remember to change dc=tuxnetworks,dc=com in the following examples (the Ubuntu docs use dc=example,dc=com, and the network overview above uses example.com) to match your own LDAP configuration.


First, some additional schema files need to be loaded. In a terminal enter:

sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/cosine.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/nis.ldif
sudo ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/inetorgperson.ldif

Next, create an LDIF file

vi ~/backend.ldif

With the following contents;

# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: dc=tuxnetworks,dc=com
olcDbDirectory: /var/lib/ldap
olcRootDN: cn=admin,dc=tuxnetworks,dc=com
olcRootPW: mypassword
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="cn=admin,dc=tuxnetworks,dc=com" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="cn=admin,dc=tuxnetworks,dc=com" write by * read

* Change olcRootPW: mypassword to a password of your choosing. olcRootPW also accepts a hashed value: run slappasswd, which prompts for the password and prints a salted {SSHA} hash, and paste that instead of the cleartext so the password does not end up in every copy and backup of the LDIF.

* Change dc=tuxnetworks,dc=com (dc=example,dc=com in the Ubuntu docs) to suit your own domain details.

* Read the ACLs before loading them. userPassword is hidden from everyone except the admin DN and the user (anonymous binds may only use it to authenticate), but the last rule, "to * ... by * read", lets anonymous clients read every other attribute, including the shadow and contact attributes. If the directory should not be readable without a bind, use "by users read" there instead; clients that do anonymous NSS lookups will then need a bind DN configured.
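The following Python script is an added example and is not code from the article or the Ubuntu docs. It derives the suffix from a domain the way slapd does from the FQDN, builds a {SSHA} value in the format slappasswd emits (SHA-1 over the password followed by a 4-byte salt, then base64 of digest plus salt), verifies a password against such a value the way a simple bind does, and renders the backend.ldif shown above with the hash in olcRootPW rather than cleartext. The domain tuxnetworks.com and the admin cn come from the page; the function names are this example's own.

```python
import base64
import hashlib
import hmac
import os


def domain_to_suffix(domain):
    """Turn a DNS domain into the LDAP suffix slapd derives from the FQDN,
    e.g. 'tuxnetworks.com' -> 'dc=tuxnetworks,dc=com'."""
    labels = [label for label in domain.strip().lower().split(".") if label]
    if not labels:
        raise ValueError("empty domain name")
    return ",".join("dc=%s" % label for label in labels)


def ssha_hash(password, salt=None):
    """Produce a {SSHA} value in the format slappasswd emits:
    base64( SHA1(password || salt) || salt ). A 4-byte random salt is drawn
    unless one is supplied (a fixed salt is only useful for tests)."""
    if salt is None:
        salt = os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(stored, password):
    """Check a password against a {SSHA} value: split the decoded blob into
    the 20-byte SHA-1 digest and the trailing salt, recompute, and compare
    in constant time."""
    if not stored.startswith("{SSHA}"):
        raise ValueError("not an {SSHA} value")
    blob = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = blob[:20], blob[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def backend_ldif(domain, root_pw_hash, admin_cn="admin"):
    """Render the page's backend.ldif for the given domain, refusing to emit
    a cleartext rootdn password."""
    if not root_pw_hash.startswith("{"):
        raise ValueError("olcRootPW should be a {SCHEME} hash, not cleartext")
    suffix = domain_to_suffix(domain)
    root_dn = "cn=%s,%s" % (admin_cn, suffix)
    return """# Load dynamic backend modules
dn: cn=module,cn=config
objectClass: olcModuleList
cn: module
olcModulepath: /usr/lib/ldap
olcModuleload: back_hdb

# Database settings
dn: olcDatabase=hdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: %(suffix)s
olcDbDirectory: /var/lib/ldap
olcRootDN: %(root_dn)s
olcRootPW: %(root_pw)s
olcDbConfig: set_cachesize 0 2097152 0
olcDbConfig: set_lk_max_objects 1500
olcDbConfig: set_lk_max_locks 1500
olcDbConfig: set_lk_max_lockers 1500
olcDbIndex: objectClass eq
olcLastMod: TRUE
olcDbCheckpoint: 512 30
olcAccess: to attrs=userPassword by dn="%(root_dn)s" write by anonymous auth by self write by * none
olcAccess: to attrs=shadowLastChange by self write by * read
olcAccess: to dn.base="" by * read
olcAccess: to * by dn="%(root_dn)s" write by * read
""" % {"suffix": suffix, "root_dn": root_dn, "root_pw": root_pw_hash}


if __name__ == "__main__":
    import getpass
    # Usage: python backend_gen.py > backend.ldif, then load it with
    # sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif
    print(backend_ldif("tuxnetworks.com", ssha_hash(getpass.getpass("rootdn password: "))))
```

The rendered file is identical to the one above except for olcRootPW; a value that slapd can verify but an attacker reading a stray copy of backend.ldif cannot use directly is the point of the scheme prefix.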

Now add the LDIF to the directory:


sudo ldapadd -Y EXTERNAL -H ldapi:/// -f backend.ldif

The frontend directory is now ready to be populated. Create a frontend.ldif file

vi ~/frontend.ldif

Enter the following contents, once again making the necessary changes to suit your own network:

# Create top-level object in domain
dn: dc=tuxnetworks,dc=com
objectClass: top
objectClass: dcObject
objectclass: organization
o: Tuxnetworks
dc: Tuxnetworks
description: LDAP Server

# Admin user.
dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
description: LDAP administrator
userPassword: mypassword

dn: ou=people,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
uid: brettg
sn: Glasson
givenName: Brett
cn: Brett Glasson
displayName: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
gecos: Brett Glasson
loginShell: /bin/bash
homeDirectory: /home/brettg
shadowExpire: -1
shadowFlag: 0
shadowWarning: 7
shadowMin: 8
shadowMax: 999999
shadowLastChange: 10877
mail: [email protected]
postalCode: 31000
l: Melbourne
o: tuxnetworks
mobile: +33 (0)6 xx xx xx xx
homePhone: +33 (0)5 xx xx xx xx
title: System Administrator
postalAddress:
initials: BG

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000

Notes:

In this example the directory structure, a user, and a group have been set up. In other examples you might see objectClass: top added to every entry, but that is the default behaviour so you do not have to add it explicitly.

* The bare "postalAddress:" line is copied from the Ubuntu docs. If slapd rejects the entry with "Invalid syntax (21)" on that attribute, delete the line or give it a value.

* Both userPassword values are cleartext, and slapd stores userPassword exactly as given unless the ppolicy overlay is configured to hash it. Paste a {SSHA} value from slappasswd instead, as for olcRootPW above.
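As an added example that is not part of the original article or the Ubuntu docs, the following Python lint reads an LDIF file and flags the mistakes that make ldapadd stop partway through or leave the directory in a weak state. The first three are errors slapd itself raises: a record whose parent has not yet been added (ldapadd sends records in file order, so the child gets "no such object"), an RDN whose value is missing from the entry's attributes (a naming violation), and a posixAccount or posixGroup lacking a MUST attribute from nis.schema. The rest are accepted by slapd but are still wrong: a user whose gidNumber matches no posixGroup in the file, and cleartext userPassword values. The embedded sample is a constructed, trimmed copy of the frontend.ldif above; the function names and messages are this example's own.

```python
# MUST attributes from nis.schema (RFC 2307), lower-cased as the parser stores them.
MUST = {"posixaccount": ("cn", "uid", "uidnumber", "gidnumber", "homedirectory"),
        "posixgroup": ("cn", "gidnumber")}

# Constructed sample: a trimmed copy of the frontend.ldif shown above.
SAMPLE_FRONTEND_LDIF = """\
dn: dc=tuxnetworks,dc=com
objectClass: dcObject
objectclass: organization
dc: Tuxnetworks

dn: cn=admin,dc=tuxnetworks,dc=com
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: admin
userPassword: mypassword

dn: ou=people,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=tuxnetworks,dc=com
objectClass: organizationalUnit
ou: groups

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
objectClass: posixAccount
uid: brettg
cn: Brett Glasson
uidNumber: 1000
gidNumber: 10000
userPassword: mypassword
homeDirectory: /home/brettg

dn: cn=users,ou=groups,dc=tuxnetworks,dc=com
objectClass: posixGroup
cn: users
gidNumber: 10000
"""


def parse_ldif(text):
    """Minimal LDIF reader: unfolds continuation lines (leading space), skips
    '#' comments, starts a record at each 'dn:' line. Base64 ('::') values are
    not handled. Returns [(dn, {attr_lower: [values]}), ...] in file order."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]
        else:
            unfolded.append(raw)
    entries, current = [], None
    for line in unfolded:
        if line.startswith("#") or not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed LDIF line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = (value, {})
            entries.append(current)
        elif current is None:
            raise ValueError("attribute before any dn: %r" % line)
        else:
            current[1].setdefault(name, []).append(value)
    return entries


def lint_frontend(text, suffix):
    """Pre-flight checks before 'ldapadd -x -D cn=admin,... -W -f frontend.ldif'.
    Returns a list of finding strings; an empty list means nothing was flagged."""
    entries = parse_ldif(text)
    findings, seen, group_gids = [], set(), set()
    for _, attrs in entries:  # groups may legitimately be defined after users
        if "posixgroup" in [c.lower() for c in attrs.get("objectclass", [])]:
            group_gids.update(attrs.get("gidnumber", []))
    for dn, attrs in entries:
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        rdn, _, parent = dn.partition(",")  # naive split: no escaped commas here
        rdn_attr, _, rdn_val = rdn.partition("=")
        rdn_attr, parent = rdn_attr.strip().lower(), parent.strip().lower()
        # Naming attribute must be present; dc/cn/uid/ou compare case-insensitively.
        if rdn_val.strip().lower() not in [v.lower() for v in attrs.get(rdn_attr, [])]:
            findings.append("%s: RDN value missing from attribute %s" % (dn, rdn_attr))
        # A child listed before its parent fails with 'no such object'.
        if dn.lower() != suffix.lower() and parent not in seen:
            findings.append("%s: parent %s not added earlier in the file" % (dn, parent))
        seen.add(dn.lower())
        for cls, must in MUST.items():
            for attr in (must if cls in classes else ()):
                if attr not in attrs:
                    findings.append("%s: %s requires %s" % (dn, cls, attr))
        if "posixaccount" in classes:
            for gid in attrs.get("gidnumber", []):
                if gid not in group_gids:
                    findings.append("%s: gidNumber %s has no posixGroup in this file" % (dn, gid))
        for pw in attrs.get("userpassword", []):
            if not pw.startswith("{"):
                findings.append("%s: userPassword is cleartext; use a slappasswd {SSHA} hash" % dn)
    return findings


if __name__ == "__main__":
    for finding in lint_frontend(SAMPLE_FRONTEND_LDIF, "dc=tuxnetworks,dc=com"):
        print(finding)
```

Run against the page's own file, the only findings are the two cleartext passwords; reorder the records or drop the cn=users group and the structural checks fire before ldapadd would have half-loaded the directory.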

Add the entries to the LDAP directory:

sudo ldapadd -x -D cn=admin,dc=tuxnetworks,dc=com -W -f frontend.ldif

We can check that the content has been correctly added with the ldapsearch utility. Execute a search of the LDAP directory:

ldapsearch -xLLL -b "dc=tuxnetworks,dc=com" uid=brettg sn givenName cn

Which should return something like this:

dn: uid=brettg,ou=people,dc=tuxnetworks,dc=com
cn: Brett Glasson
sn: Glasson
givenName: Brett

Next, you should go ahead and install phpLDAPadmin, add Samba support or configure a client.

References:

Ubuntu Docs